Skip to main content
CVE-2018-14398 MEDIUM POC This Month

An issue was discovered in Creme CRM 1.6.12. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Cremecrm
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16655 MEDIUM POC This Month

Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Gxlcms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-16654 MEDIUM POC This Month

Zurmo 3.2.4 Stable allows XSS via app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Zurmo Crm
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2018-16653 MEDIUM POC This Month

rejucms 2.1 has XSS via the ucenter/cms_user_add.php u_name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Rejucms
NVD GitHub
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-9283 MEDIUM POC This Month

An XSS issue was discovered in CremeCRM 1.6.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cremecrm
NVD
CVSS 3.0
5.4
EPSS
0.8%
CVE-2018-16363 MEDIUM POC PATCH This Month

The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS PHP File Manager
NVD
CVSS 3.0
5.4
EPSS
1.4%
CVE-2018-14397 MEDIUM POC This Month

An issue was discovered in Creme CRM 1.6.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cremecrm
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-14396 MEDIUM POC This Month

An issue was discovered in Creme CRM 1.6.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cremecrm
NVD
CVSS 3.0
5.4
EPSS
0.5%
CVE-2018-16059 MEDIUM POC THREAT This Month

Endress+Hauser WirelessHART Fieldgate SWG70 3.x devices allow Directory Traversal via the fcgi-bin/wgsetcgi filename parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Wirelesshart Fieldgate Swg70 Firmware
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
29.8%
CVE-2018-0662 MEDIUM This Month

Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Ts Wrlp Firmware Ts Wrlp E Firmware Ts Wrla Firmware
NVD
CVSS 3.0
6.8
EPSS
0.4%
CVE-2018-0643 MEDIUM This Month

Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-server) 1:1.4.9+p41-u4jma1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via unspecified. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Ubuntu Linux Online Receipt Computer Advantage
NVD
CVSS 3.0
6.6
EPSS
0.5%
CVE-2018-0644 MEDIUM This Month

Buffer overflow in Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 4.8.0 (panda-client2) 1:1.4.9+p41-u4jma1 and earlier, Ubuntu14.04 ORCA (Online Receipt Computer Advantage) 5.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Ubuntu Linux
NVD
CVSS 3.0
6.5
EPSS
1.0%
CVE-2018-16665 MEDIUM This Month

An issue was discovered in Contiki-NG through 4.1. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Contiki Ng
NVD GitHub
CVSS 3.0
6.1
EPSS
0.3%
CVE-2018-16658 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 4.18.6. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Ubuntu Linux Debian Linux
NVD GitHub
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-0654 MEDIUM This Month

Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the modal for creating Wiki page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-0653 MEDIUM This Month

Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via Wiki page view. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2018-0642 MEDIUM This Month

Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fv Flowplayer Video Player
NVD
CVSS 3.0
6.1
EPSS
1.0%
CVE-2018-0659 MEDIUM This Month

Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create or overwrite existing files via specially crafted ATC file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Attachecase
NVD
CVSS 3.0
5.5
EPSS
1.4%
CVE-2018-16703 MEDIUM This Month

A vulnerability in the Gleez CMS 1.2.0 login page could allow an unauthenticated, remote attacker to perform multiple user enumerations, which can further help an attacker to perform login attempts. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gleez Cms
NVD GitHub
CVSS 3.0
5.3
EPSS
1.5%
CVE-2018-1757 MEDIUM PATCH This Month

IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to obtain sensitive information due to missing authentication in IGI for the survey application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass IBM Security Identity Governance And Intelligence
NVD
CVSS 3.0
5.3
EPSS
1.7%
CVE-2018-0657 MEDIUM This Month

Cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE (EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ec Cube Payment Module Gmo Pg Payment Module
NVD
CVSS 3.0
4.8
EPSS
0.5%
CVE-2018-0655 MEDIUM This Month

Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the app settings section of admin page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-0652 MEDIUM This Month

Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Growi
NVD
CVSS 3.0
4.8
EPSS
0.7%
CVE-2018-16704 MEDIUM This Month

An issue was discovered in Gleez CMS v1.2.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gleezcms
NVD GitHub
CVSS 3.0
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy